Check if a binary or script is executable

Question

Created Jul ’24

Replies 3

Boosts 0

Participants 2

In one of our apps (not sandboxed) the user can choose a file that matches one of the following UTTypes using an NSOpenPanel:

UTTypeApplicationBundle
UTTypeUnixExecutable
UTTypeShellScript

The selected file will then be launched under certain circumstances. This works pretty well but from time to time we see internal support tickets where people complain because the selected file is not executed. This only affects files of type UTTypeUnixExecutable and UTTypeShellScript for which the Unix permissions are incorrect. They are therefore not executable.

I would now like to check in the app whether the selected file is executable. With app bundles this works without any problems with isExecutableFileAtPath:, but with the other file types this does not work. What is the recommended way to test this for the other files? Is there a better way than checking the POSIX permissions (and owner/group)? Thanks.

Answered by DTS Engineer in 794728022

When it comes to scripts, executability is a tricky concept. It very much depends on who’s doing the execution. For example, a Markdown document can contain HTML and thus, from a certain point of view, is an executable.

If you want to check whether you can execute a native executable or script via posix_spawn (or any of its related APIs) then your best option is to call access with X_OK. If you’re executing the code in some other way, I need you to provide more details about that mechanism before I can offer concrete advice.

With app bundles this works without any problems with -isExecutableFileAtPath:

Just FYI, the modern replacement for that is the isExecutable resource value.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Boost

Answer 1

DTS Engineer OP

Apple

Jul ’24

Accepted Answer

Recommended

When it comes to scripts, executability is a tricky concept. It very much depends on who’s doing the execution. For example, a Markdown document can contain HTML and thus, from a certain point of view, is an executable.

If you want to check whether you can execute a native executable or script via posix_spawn (or any of its related APIs) then your best option is to call access with X_OK. If you’re executing the code in some other way, I need you to provide more details about that mechanism before I can offer concrete advice.

With app bundles this works without any problems with -isExecutableFileAtPath:

Just FYI, the modern replacement for that is the isExecutable resource value.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 2

marcthielemann OP

Jul ’24

Hi @DTS Engineer!

Thanks for your reply. I tried this and it works perfectly. But unfortunately it does not work in a sandboxed environment. Even if our app is not sandboxed at the moment, we plan to sandbox it later this year. So I would be interested in a solution that also works for a sandboxed app.

The only solution I found so far is using attributesOfItemAtPath: to get NSFileOwnerAccountName, NSFileGroupOwnerAccountName, and NSFilePosixPermissions and then check these values for the current user. Is there another way to do this from within a sandbox?

Thanks.

0

Answer 3

DTS Engineer OP

Apple

Jul ’24

But unfortunately it does not work in a sandboxed environment.

Sandboxing complicates this considerably. I talked about that in some detail in a posted linked to by On File System Permissions. However, I will note that access does do the right thing when sandboxed, that is, if you access you can’t execute it then posix_spawn will fail.

I’m still not sure I understand your goal here. Earlier you wrote:

The selected file will then be launched under certain circumstances.

Please explain what you mean by “launched” in this context.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0